From: Tom Hughes
Date: Wed, 27 Jan 2021 21:31:35 +0000 (+0000)
Subject: Establish wireguard tunnels from gateways to prometheus servers
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/86c44e026acbb13f331c78f72b16d0efb5cc2e81

Establish wireguard tunnels from gateways to prometheus servers
---

diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 8eed59556..c24686d0b 100644
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -236,7 +236,7 @@ if node[:networking][:wireguard][:enabled]
 }
 end

- search(:node, "roles:mail") do |server|
+ search(:node, "roles:mail OR roles:prometheus") do |server|
 allowed_ips = server.interfaces(:role => :internal).map do |interface|
 "#{interface[:network]}/#{interface[:prefix]}"
 end
diff --git a/cookbooks/prometheus/recipes/server.rb b/cookbooks/prometheus/recipes/server.rb
index 7e4f4b2bf..bd1f3b50c 100644
--- a/cookbooks/prometheus/recipes/server.rb
+++ b/cookbooks/prometheus/recipes/server.rb
@@ -146,6 +146,18 @@ end

 jobs = {}

+search(:node, "roles:gateway") do |gateway|
+ allowed_ips = gateway.interfaces(:role => :internal).map do |interface|
+ "#{interface[:network]}/#{interface[:prefix]}"
+ end
+
+ node.default[:networking][:wireguard][:peers] << {
+ :public_key => gateway[:networking][:wireguard][:public_key],
+ :allowed_ips => allowed_ips,
+ :endpoint => "#{gateway.name}:51820"
+ }
+end
+
 search(:node, "recipes:prometheus\\:\\:default").sort_by(&:name).each do |client|
 if client[:prometheus][:mode] == "wireguard"
 node.default[:networking][:wireguard][:peers] << {
diff --git a/roles/stormfly-03.rb b/roles/stormfly-03.rb
index f17fb5a8c..664c061de 100644
--- a/roles/stormfly-03.rb
+++ b/roles/stormfly-03.rb
@@ -19,7 +19,8 @@ default_attributes(
 :family => :inet6,
 :address => "2605:bc80:3010:700::8cd3:a763"
 }
- }
+ },
+ :private_address => "10.0.16.200"
 },
 :tilecache => {
 :tile_parent => "corvallis.render.openstreetmap.org"
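Review bot: In cookbooks/networking/recipes/default.rb the widened search `roles:mail OR roles:prometheus` gives every matched server `allowed_ips` built from its whole internal `network/prefix`, and the new `roles:gateway` loop in cookbooks/prometheus/recipes/server.rb does the same for gateways. WireGuard maps each AllowedIPs range to a single peer on an interface, so if two matched nodes report the same internal network the peer configured later takes the range and the earlier one silently stops receiving that traffic. It is worth confirming that these networks are disjoint per peer, or narrowing the entry to what the tunnel must carry. A comment above the search such as `# peers whose internal networks are routed over wireguard; ranges must not overlap` would record the constraint. The loop body continues past the end of the hunk, so any handling further down is not visible here.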
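Review bot: The `roles:gateway` loop added to cookbooks/prometheus/recipes/server.rb appends a peer without checking that the gateway has published a key, so a gateway that has not yet converged with wireguard would presumably contribute a peer whose `:public_key` is nil, or raise if `gateway[:networking][:wireguard]` is missing. Adding `next unless gateway[:networking][:wireguard] && gateway[:networking][:wireguard][:public_key]` as the first line of the block would skip such nodes. The results are also iterated in search order, unlike the `sort_by(&:name).each` loop just below, so the peer list may reorder between runs; `search(:node, "roles:gateway").sort_by(&:name).each do |gateway|` would keep it stable. Because the key, networks and endpoint name all come from node data returned by search, a short comment stating that these values are trusted as reported by each node would make that assumption explicit.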